Re: Left off the ballot?

From: Alan Dechert <alan_at_openvotingconsortium_dot_org>
Date: Thu Apr 15 2004 - 11:04:11 CDT


> On Apr 14, 2004, at 9:41 AM, Alan Dechert wrote:
> >> Ah, nice to see the criminal mind at work.
> >>
> > The trick will be to put this in open source in such a way that no one
> > will
> > catch it.
> I'm certain that almost anything can be hidden in a moderate to large
> program in such a way that it won't be easily noticed. Furthermore,
> open source software doesn't guarantee that anyone will read it, and it
> may take several readers before someone notices the Trojan.

Couldn't we generalize your, um, procedure to go something like:

The SelectionVerification procedure (or SVT where, "T" is for Trojan)
purports to verify that all selections made are valid, while doing something
different. Namely, it listens for a sequence of events (selections,
deselections, characters in write-in entryfields, etc) such that if the SVT
hears the right combination of events, a whole menu of vote rigging options
becomes available. Letters in write in entryfields (deleted afterwards so
nothing recorded on the ballot looks suspicious) could be numbers (base-10
using say A-J or even base-26 A-Z) to calculate positions on the ballot to
be "fixed" and zero or one to indicate not-selected/selected....etc.

Couldn't we also hide much of this code in special DLLs we substituted for
DLLs that came with the OS?

Do examiners look at how OS DLLs get used?

Alan D.
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Apr 30 23:17:06 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT